Update, 1:19 p.m. PDT: Dyn has posted the following update on its website:
Our engineers are continuing to investigate and mitigate several attacks aimed against the Dyn Managed DNS infrastructure.
12:30 p.m. PDT: A large-scale cyber attack hit one of America’s largest Domain Name Servers (DNS) providers on Friday morning, temporarily shutting down websites like Reddit, Twitter and Spotify.
Dyn, a New Hampshire Internet services company, reported around 4 a.m. Pacific time that a large-scale yet unsophisticated attack temporarily overwhelmed its servers. By 6:30 a.m., the company said service was back to normal, but around 9 a.m. Pacific time, Dyn again said it was experiencing such an attack. Around 11 a.m., Dyn said it was investigating and mitigating “several attacks.”
Reuters adds that the attack was “mainly affecting users on the U.S. East Coast.” It continues:
Dyn said it had resolved one attack, which disrupted operations for about two hours, but disclosed a second attack a few hours later that was causing further disruptions.
In addition to the social network Twitter and music-streamer Spotify, the discussion site Reddit, hospitality booking service Airbnb and The Verge news site were among companies whose services were disrupted on Friday.
Amazon.com Inc’s web services division, one of the world’s biggest cloud computing companies, also reported a related outage, which it said was resolved early Friday afternoon.
Gizmodo provides a brief explanation of DNS technology:
In order to understand how one DDoS attack could take out so many websites, you have to understand how Domain Name Servers (DNS) work. Basically, they act as the Internet’s phone book and facilitate your request to go to a certain webpage and make sure you are taken to the right place. If the DNS provider that handles requests for Twitter is down, well, good luck getting to Twitter. Some websites are coming back for some users, but it doesn’t look like the problem is fully resolved.
Gizmodo also includes a running list of websites that Internet users aren’t able to access.
Stay tuned for updates on this story.